Jan 27 2021 03:25 PM
Hello,
I have a single instance of AADC set up that is syncing two separate AD forests into a single tenant.
I would like to remove one of the forests from AADC, but I do not want the cloud users to be deleted. I would like them to be converted to cloud users.
Is there a process for this?
Thank you
Feb 18 2021 01:03 PM
AFAIK there is no way to prevent the (temporary) deletion of the synced objects when removing an AD forest from AAD Connect configuration.
You can, immediately after the removal, go into deleted users and restore them. At that point they will become cloud users and retain all their data, licenses, etc.
You might also want to check the deleted groups section for any groups that were affected by the AD forest removal.
Also AAD Connect has a deletion threshold to prevent accidental mass deletions. This is set by default at 500.
To remove this, run Disable-ADSyncExportDeletionThreshold
After you're done, set it again via Enable-ADSyncExportDeletionThreshold -DeletionThreshold 500
Feb 19 2021 10:55 AM
Right, but deletion needs to be avoided as you have to reset passwords upon restoring; that's not a viable solution.
I have found that I was able to accomplish this by disabling ADsync in the tenant. This will convert all accounts to cloud accounts and retain passwords.
Then a clean AADC install on a new machine and soft match the needed accounts.
All accounts and passwords stay intact without anything being deleted :)
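
A before/after check that works with either approach discussed in this thread, added here as an example and not posted by any participant: it snapshots the synced users of the forest being removed, then classifies each one afterwards as cloud-only, still synced, soft-deleted or missing. It assumes the MSOnline module with an existing Connect-MsolService session; the function names, the UPN suffix and the CSV path are hypothetical.

```powershell
# Added example. Assumes the MSOnline module and an existing Connect-MsolService session.
# Function names, 'forest-b.example' and the CSV path are hypothetical placeholders.

function Save-SyncedUserSnapshot {
    param(
        [Parameter(Mandatory)] [string] $UpnSuffix,   # UPN suffix used by the forest being removed
        [Parameter(Mandatory)] [string] $Path
    )
    # Run BEFORE touching the sync configuration.
    $users = Get-MsolUser -All -Synchronized |
        Where-Object { $_.UserPrincipalName -like "*@$UpnSuffix" } |
        Select-Object ObjectId, UserPrincipalName, ImmutableId, IsLicensed
    $users | Export-Csv -Path $Path -NoTypeInformation
    return @($users).Count
}

function Test-ConversionResult {
    param([Parameter(Mandatory)] [string] $Path)
    # Run AFTER the change. Emits one row per user in the snapshot.
    $before  = Import-Csv -Path $Path
    $active  = @{}; Get-MsolUser -All | ForEach-Object { $active[[string]$_.ObjectId] = $_ }
    $synced  = @{}; Get-MsolUser -All -Synchronized | ForEach-Object { $synced[[string]$_.ObjectId] = $true }
    $deleted = @{}; Get-MsolUser -All -ReturnDeletedUsers | ForEach-Object { $deleted[[string]$_.ObjectId] = $true }

    foreach ($u in $before) {
        $state = if ($deleted.ContainsKey($u.ObjectId))        { 'SoftDeleted' }   # in the recycle bin
                 elseif (-not $active.ContainsKey($u.ObjectId)) { 'Missing' }       # not found anywhere
                 elseif ($synced.ContainsKey($u.ObjectId))      { 'StillSynced' }   # still flagged as synchronized
                 else                                           { 'CloudOnly' }     # converted as intended
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            State             = $state
            # Import-Csv returns strings, so the snapshot value is compared as text.
            LicenseLost       = ($u.IsLicensed -eq 'True' -and
                                 $active.ContainsKey($u.ObjectId) -and
                                 -not $active[$u.ObjectId].IsLicensed)
        }
    }
}

# Usage:
#   Save-SyncedUserSnapshot -UpnSuffix 'forest-b.example' -Path .\forest-b-before.csv
#   Test-ConversionResult -Path .\forest-b-before.csv | Group-Object State
```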